Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-mvy5-xw6x-y7h2
Vulnerability ID VCID-mvy5-xw6x-y7h2
Aliases CVE-2014-0219
GHSA-m6g3-xq5q-4hg9
Summary Improper Input Validation Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-20 Improper Input Validation
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 5.5 http://karaf.apache.org/security/cve-2014-0219.txt
generic_textual MODERATE http://karaf.apache.org/security/cve-2014-0219.txt
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2014-0219
cvssv3.1 5.5 https://bugzilla.redhat.com/show_bug.cgi?id=1095974
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1095974
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2014-0219
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2014-0219
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2014-0219
https://bugzilla.redhat.com/show_bug.cgi?id=1095974
CVE-2014-0219 https://nvd.nist.gov/vuln/detail/CVE-2014-0219
CVE-2014-0219.TXT http://karaf.apache.org/security/cve-2014-0219.txt
GHSA-m6g3-xq5q-4hg9 https://github.com/advisories/GHSA-m6g3-xq5q-4hg9
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at http://karaf.apache.org/security/cve-2014-0219.txt
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1095974
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2014-0219
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.23844
EPSS Score 0.00081
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:59:05.787613+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.karaf/apache-karaf/CVE-2014-0219.yml 38.6.0